Privacera Documentation

AWS Lake Formation FAQs for Push mode

What are the prerequisites for setup?

Are Tag Policies supported?

  • Yes, tag policies are supported. Create tags and tag-resource mappings using the Ranger TagREST APIs, then create tag policies in Privacera on top of those tags. Privacera transforms the tag policies into normal access policies and, in push mode, pushes these access policies to AWS Lake Formation as well as the Hive repo.

Can an audit log be enabled?

  • Yes, audit logging can be enabled. To enable audit logs, you need to create an S3 bucket and set up CloudTrail. For more information, see Configuring audit logs for the AWS Lake Formation on PrivaceraCloud. To enable access audits, do the following:

    PrivaceraCloud Steps:

    • Use the toggle to Enable access audits

    Privacera Platform steps:

    • Set the CONNECTOR_LAKEFORMATION_AUDIT_ENABLE flag to true.

Note

When enabling access audits for the AWS Lake Formation connector, you must enable CloudTrail from AWS. For more information, see AWS guidelines for cost management with CloudTrail.

Is Amazon S3 data location supported?

  • Yes.

Is Row Level Filtering supported?

  • Yes.

Is Column Masking supported?

  • No, column masking is not supported by AWS Lake Formation.

Are “Include/exclude column policies” supported?

  • Yes.

Are database resource links and table resource links supported?

  • Yes.

What Privacera features are supported in the AWS Lake Formation push mode?

  • See the supported feature matrix in the following table.

    Tip

    Table abbreviations:

    GA: General Availability

    NA: Not Applicable

    NS: Not Supported

    MP: Mission Possible

Table 2. Privacera Features support Matrix for push mode

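| Feature group | Feature | Availability |
|---|---|---|
| Database Access Control | Catalog Level | GA |
| Database Access Control | Database Level | GA |
| Database Access Control | Table Level | GA |
| Database Access Control | View Level | NA |
| Database Access Control | Native Column Level | GA |
| Other objects | Data locations | GA |
| Other objects | Database Resource links | GA |
| Other objects | Table Resource links | GA |
| Other objects | Cross account Resource links | GA |
| Other objects | Tag | GA |
| Row Filter | Native Row Filter on Table | GA |
| Row Filter | Native Row Filter on View | NA |
| Masking | Native Masking on Table | NA |
| Masking | Native Masking on View | NA |
| Tag Based Access Control | Allow Condition | GA |
| Tag Based Masking | Allow Condition | GA |
| Attribute Based Access Control (ABAC) | Allow Condition | GA |
| Audits | Access Audits | GA |
| Principals | IAM Users | GA |
| Principals | IAM Role | GA |
| Principals | SAML Users | GA |
| Principals | SAML Groups | GA |
| Principals | External Accounts | GA |
| Principals | Native Public Group | GA |
| Extended Privacera Plugin Support | Hive Plugin | GA |
| Extended Privacera Plugin Support | Spark Plugin | GA |
| Extended Privacera Plugin Support | Databricks SQL Analytics with Glue Metastore | GA |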